Ransomware: Should you pay the ransom?
This is a guest post by MAURO SÁNCHEZ, author of the blog blog.smartfense.com Share
To pay or not to pay? The ransomware situation is not improving at all. It has definitely come to stay with us. The numbers increase at every moment and are really alarming. In recent years, Ransomware generated a gross annual income of $35 million per Ransomware per campaign. In the third quarter of 2016, 16 new types of Ransomware and more than 10 thousand modifications of existing ones were detected, with new techniques making it more difficult to prevent.
In this article, we will start by looking at the pros and cons of paying the requested bailout. We will also introduce a series of recommendations that will help us mitigate the event and prevent the recurrence of the infection again.
Do I have to pay or not?
But back to the question we all ask when we are infected, do I have to pay or not? Last week, an acquaintance of mine called me because he had been a victim of a ransomware attack and his first question was precisely that. To which, my first response (in jest) is always the same: stay calm and pay the ransom.
Beyond that, in many places, the recommendation is not to pay, not ever! We will leave the door open for each one to make his own decision.
Here are some considerations to take into account to make the decision:
- Can I recover the information from a backup?
- Is there a known solution to decrypt infected files already?
- Are they threatening to make the stolen information public?
- How important is the information I have lost?
If the decision is to pay the ransom, there are certain measures to take into account before doing so.
First, we must make sure criminals can actually decrypt your files. This happens because they often buy ransomware on the black market and do not even have the keys to decipher them. So make sure you can do it before you pay. You can usually send a file and have it returned decrypted to show they can do it.
Another consideration to take into account is that it is not very simple to get the bitcoins quickly, since we remember that in most cases, after a few days, the possibility of contacting the owner of the keys to recover your files will expire. In addition, bitcoins will not be available at the published reference price. That is why many companies are starting to have bitcoins bought in advance to prevent an attack, and, in the case of having to pay, to have them.
Last year at a security conference, a special agent in charge of the FBI’s cyber-counterintelligence program at the Boston office said, “Being honest, we sometimes advise people to simply pay the ransom.”
He said it with the best intention since many times there is no other option if we want to have a minimal hope of recovering the files.
Why not pay
There are many reasons not to pay.
If you do, criminals will know that you are the kind of person willing to pay money to regain access to the data. They will also know that the type of industry you are engaged in is likely to be willing to do the same. You leave a mark for the next attack.
Another reason not to make the payment is that we have seen many companies that after doing it are not willing to change their work habits, or carry out campaigns to prevent the event from happening again. For this reason, one should be committed to change their behavior and prevent this from happening again since if, soon after, they again end up being victims of an attack.
One more reason not to pay the ransom is that we cannot be sure that once we have paid the ransom we will get our information back, since they may not have the keys to decrypt them. Also, there is no way to prevent attackers from demanding more money.
Are you willing to finance this new market?
You should know that if you pay for the ransom, you are helping to create a new market for cybercriminals, which can lead to more Ransomware and other types of attacks. We must also consider the same ethical reason for funding illicit or criminal actions in addition to growing this illegal business and creating increasingly strong cybercriminals.
Likewise, we take into account that according to unofficial data, in 90% of cases, once the payment has been made, criminals return the data. This is because they try to keep the business model because if they did not, people would automatically stop paying and their income would fall.
Some extra tips
It is very useful to have in advance a procedure or decision on how to deal with Ransomware. Then, when we are victims of an attack, we will know what actions to take and cannot take us by surprise.
In either case, pay or not, it is always important to report the incident to sites like ODILA or No more ransom! That will guide us to different pages to officially denounce the crime and thus commit ourselves to battle cybercriminals.
The best decision
The best decision is not to have to make the choice of pay or not. Maybe, it sounds tricky, but what I am trying to say is that the prevention is the best path to take. Prevent a Ransomware infection and you will not have to face the difficult decision to pay a ransom.
And to prevent Ransomware you have to develop a layered-oriented security. Each layer of your security plan must be able to defend your organization for one or more attack vectors. And there is no magic layer. There is not a silver bullet. Security is not an isolated solution. And remember: The people in your organization are the first target of cybercriminals. So, also include them in your security strategy, because they are the gateway of most of the Ransomwares.
You can take a look at Smartfense here.